A weakness has been identified in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_4155B4 of the file /boafrm/formLtefotaUpgradeFibocom. This manipulation of the argument fota_url causes command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.

CVE Database V5

Detailed information about CVE-2025-15191: Command Injection in D-Link DWR-M920 affecting D-Link DWR-M920. Get real-time updates, technical details, and mitigat

CVE-2025-15191: Command Injection in D-Link DWR-M920 - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-15191: Command Injection in D-Link DWR-M920

In mid-2025, a malicious driver file was discovered on Asian computer systems, signed with a compromised digital certificate. This driver injects a backdoor Trojan and protects malicious files, processes, and registry keys. The final payload is a new variant of the ToneShell backdoor, associated with the HoneyMyte APT group. The attacks, which began in February 2025, primarily target government organizations in Southeast and East Asia, especially Myanmar and Thailand. The malware uses various techniques to evade detection, including API obfuscation, process protection, and registry key protection. The ToneShell backdoor communicates with command-and-control servers using fake TLS headers and supports remote operations such as file transfer and shell access.

AlienVault OTX General

Detailed information about The HoneyMyte APT now protects malware with a kernel-mode rootkit. Get real-time updates, technical details, and mitigation strategie

The HoneyMyte APT now protects malware with a kernel-mode rootkit - Live Threat Intelligence - Threat Radar | OffSeq.com

The HoneyMyte APT now protects malware with a kernel-mode rootkit

A security flaw has been discovered in D-Link DWR-M920 up to 1.1.50. Impacted is the function sub_42261C of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be exploited.

Detailed information about CVE-2025-15190: Stack-based Buffer Overflow in D-Link DWR-M920 affecting D-Link DWR-M920. Get real-time updates, technical details, a

CVE-2025-15190: Stack-based Buffer Overflow in D-Link DWR-M920 - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-15190: Stack-based Buffer Overflow in D-Link DWR-M920

A vulnerability was identified in D-Link DWR-M920 up to 1.1.50. This issue affects the function sub_464794 of the file /boafrm/formDefRoute. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used.

Detailed information about CVE-2025-15189: Buffer Overflow in D-Link DWR-M920 affecting D-Link DWR-M920. Get real-time updates, technical details, and mitigatio

CVE-2025-15189: Buffer Overflow in D-Link DWR-M920 - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-15189: Buffer Overflow in D-Link DWR-M920

File upload vulnerability in machsol machpanel 8.0.32 allows attacker to gain a webshell.

Detailed information about CVE-2025-57460: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-57460: n/a

CVE-2025-57460: n/a

Description

Technical Details

Community Reviews

Related Threats

CVE-2025-15191: Command Injection in D-Link DWR-M920

CVE-2025-15190: Stack-based Buffer Overflow in D-Link DWR-M920

CVE-2025-15189: Buffer Overflow in D-Link DWR-M920

CVE-2025-15188: Cross Site Scripting in Campcodes Complete Online Beauty Parlor Management System

CVE-2025-15156: NULL Pointer Dereference in omec-project UPF

Actions

External Links

Need more coverage?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility